WordPress ARforms plugin <= 7.1.3 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by h0xilo in WordPress Plugin ARForms versions = 7.1.3...

CVE-2026-3652

The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the value parameter of the arfsaveincompleteformdata AJAX action in all versions up to, and including, 7.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

ArForms < 6.6 - Remote Code Execution

The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form id: CVE-2024-4620 info: name: ArForms 6.6 - Remote Code Execution autho...

CVE-2026-3652 ARForms <= 7.1.3 - Unauthenticated Stored Cross-Site Scripting via 'value' Parameter

The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the value parameter of the arfsaveincompleteformdata AJAX action in all versions up to, and including, 7.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

EUVD-2026-38644

The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the value parameter of the arfsaveincompleteformdata AJAX action in all versions up to, and including, 7.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVE-2024-13785

The The Contact Form, Survey, Quiz & Popup Form Builder – ARForms plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.2. This is due to the software allowing users to execute an action that does not properly validate a value before running...

WordPress ARForms plugin <= 1.7.2 - Unauthenticated Blind Arbitrary Shortcode Execution vulnerability

Unauthenticated Blind Arbitrary Shortcode Execution vulnerability discovered by Krzysztof Zając - CERT PL in WordPress Plugin ARForms Form Builder versions = 1.7.2...

EUVD-2024-55483

The The Contact Form, Survey, Quiz & Popup Form Builder – ARForms plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.2. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVE-2024-13785

The The Contact Form, Survey, Quiz & Popup Form Builder – ARForms plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.2. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVE-2024-13785 Contact Form, Survey, Quiz & Popup Form Builder – ARForms <= 1.7.2 - Unauthenticated Blind Arbitrary Shortcode Execution

The The Contact Form, Survey, Quiz & Popup Form Builder – ARForms plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.2. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVE-2024-13785

The The Contact Form, Survey, Quiz & Popup Form Builder – ARForms plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.2. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVE-2024-13785 Contact Form, Survey, Quiz & Popup Form Builder – ARForms <= 1.7.2 - Unauthenticated Blind Arbitrary Shortcode Execution

The The Contact Form, Survey, Quiz & Popup Form Builder – ARForms plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.2. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVE-2024-13785

The ARForms WordPress plugin (The Contact Form, Survey, Quiz & Popup Form Builder) is vulnerable to arbitrary shortcode execution in all versions up to 1.7.2. Root cause: the software executes do_shortcode after validating input improperly, enabling unauthenticated attackers to run arbitrary shor...

WordPress plugin ARForms 代码注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPress...

WordPress ARForms plugin <= 1.5.8 - Unauthenticated Stored Cross-Site Scripting via arf_http_referrer_url vulnerability

Unauthenticated Stored Cross-Site Scripting via arfhttpreferrerurl vulnerability discovered by drop in WordPress Plugin ARForms Form Builder versions = 1.5.8...

CVE-2019-16902

In the ARforms plugin 3.7.1 for WordPress, arfdeletefile in arformcontroller.php allows unauthenticated deletion of an arbitrary file by supplying the full pathname...

EUVD-2018-7676

Malware in sbrugna...

EUVD-2024-52343

Malicious code in bioql PyPI...

EUVD-2024-30492

Malicious code in bioql PyPI...

EUVD-2024-29166

Malicious code in bioql PyPI...